[SOLVED] help with states | FWCloud Forum

[SOLVED] help with states

ukro

Member
Greetings,
how would i do this rules in GUI?Its just a reference for me to understand how to point GUI to the new,established,related state in the rules.

-A OUTPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT

Thank you
P.S. or related,established is going to all OUTPUT?
And the GUI rules are only for NEW
 
Last edited:

Carles Munyoz

Administrator
Staff member
Hi,
In the options tab of a firewall you can set up if it is stateful or not:
firewall-options.png

If your firewall is stateful, then the special rule you can see in the next screenshot is created (not only in the FORWARD chain, in the INPUT and OUTPUT chains too) as the first rule and if you compile it you will see that the ESTABLISHED, RELATED traffic is accepted by means of this special rule:
Captura de pantalla 2021-05-20 a las 8.34.35.png

Because your firewall is stateful, new rules you create in your policy will be created with the state NEW. For example:
Captura de pantalla 2021-05-20 a las 8.39.29.png

Greetings.
 

ukro

Member
I have to read it 4times after it finaly make sence to me :-D, Thank you !
So if one would not used statefull firewall option and want to make this rules:
-A OUTPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT

Is it possible?
 

ukro

Member
Ohh i see, i can make statefull rule and not the firewall, okay. Got it!
And what about this?
-A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
 

Carles Munyoz

Administrator
Staff member
At this moment it is not possible the use of the limit module using the FWCloud user interface, but we will include this feature in a future release.
But you can use the hook scripts feature for it:
Captura de pantalla 2021-05-20 a las 8.57.22.png
 
Top